Brad, The official ClamAV virus database is digitally signed before posting to the ClamAV mirrors. The CVD signature is checked before database load time. Virus names of signatures from non-signed databases are appended with ".UNOFFICIAL".
Hope this helps, Steve On Thu, Jan 28, 2016 at 5:29 PM, Brad Scalio <sca...@gmail.com> wrote: > Is there any integrity or authenticity checks within freshclam when it > connects to the clamAV servers to download the virus signature databases? > > Also is there any non-repudiation of the servers hosting the virus > signature databases, that is who gets to be a host and is there any > procedures to ensure those servers hosting the files are secured and the > files genuine? > > Sorry for ambiguity I'm just looking for anything, I'm not suggesting > changes if there aren't just need fodder if there are any. > > Thanks! > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
